The US is dooming the future of the transatlantic data economy

WELCOME to Connected Rights, your bump on the fist of digital rights news and analysis.

THE NSA’S WARRANTLESS INTERNET SURVEILLANCE POWERS look set to continue with minimal changes, after privacy activists failed to derail a bill extending the program: http://reut.rs/2EMbmAz

While the authorisation of Section 702 of the Foreign Intelligence Surveillance Act – which allows US intelligence to spy on foreigners via Facebook and Google, and which incidentally scoops up loads of information about Americans too – is set to expire on Friday, the Senate narrowly voted on Tuesday to advance the bill that would renew the authorisation. The House of Representatives already voted last week, with a much wider margin, to do the same.

For a brief moment last week, Donald Trump joined the ranks of those opposed to the six-year renewal, claiming that FISA might have been used by Barack Obama’s administration to spy on the Trump campaign. This contradicted the official White House line, which opposed any serious new constraints on the agencies’ surveillance powers – and that was the line that prevailed.

THERE WILL BE CONSEQUENCES. The Privacy Shield data-transfer agreement between the EU and US is still the focus of scepticism among European privacy regulators, and top EU courts will have to rule on the legality – under EU fundamental rights – of other mechanisms that allow US firms to import European personal data.

The fact remains that, post-Snowden, little has actually changed to better protect that data when it’s sitting in American servers. The US’s supposed attempts to play nice are being managed through a ghost-ship State Department. The US intelligence agencies can still do pretty much what they like. At some point the bough will break, and the transatlantic data economy will fall.

What will that look like in practice? Will we see EU countries try to block access to the likes of Facebook and Google? Or will we see those companies effectively split into functionally separate EU and non-EU operations, in order to comply with the requirements of both legal regimes? These may seem like crazy thoughts now, but something will have to give – and you can bet that the online giants are quietly drawing up contingency plans.

HOW EXPENSIVE HAS MAX SCHREMS’S CRUSADE AGAINST FACEBOOK BEEN for the Irish Data Protection Commissioner, which has been stuck in the middle of the endless dispute? Almost €2 million in court costs over the past two years, according to reports: http://bit.ly/2DjKo6a

A MAJOR CASE INVOLVING FACEBOOK AND HATE SPEECH is heading off to the Court of Justice of the European Union: http://tcrn.ch/2DgY6UR

The case involves an Austrian Green politician, Eva Glawischnig, who sued Facebook over defamatory postings. An Austrian appeals court ruled in her favour, saying the firm had to take down hate speech postings around the world (see the very first Connected Rights newsletter: http://bit.ly/2Dq1ijG). The CJEU will now have to rule on whether that is indeed kosher, and whether Facebook also has to seek and destroy similar hate speech posts to those specifically complained about by the target.

Yep, it’s that global jurisdiction thing again (see also: Google, the “right to be forgotten” and the demands of the French privacy regulator – another case that is in fact up for consideration by the CJEU). Fun times, and more fuel for a clash of jurisdictions around the world.

GOOD NEWS FOR SKYPE USERS – the service will be getting a “private conversations” feature using the same Signal protocol that powers the secrecy of WhatsApp and, obviously, Signal itself: http://bit.ly/2AQdF35

MORE THAN A THOUSAND KIDS IN DENMARK HAVE BEEN CHARGED with distributing child pornography, after they allegedly used Facebook Messenger to share a video showing two 15-year-olds having sex: http://reut.rs/2ENHfIZ

Someone complained to Facebook about the video. The company told the U.S. authorities, as it is bound to do, and the U.S. authorities then told the Danish authorities. According to Reuters’ report, most of the charged children shared the video a few times, but some shared it hundreds of times.

A DELIVERY DRIVER IN THE U.K. TRIED TO HIT ON one of his customers by messaging her, using the phone number she had given to the Just Eat platform for whom he worked. She complained, and Just Eat offered her a £10 “goodwill voucher”: http://bbc.in/2mJ4220

This isn’t just a creepy story in the context of sexual harassment – it’s also a very good example of how personal data can be misused, and the sort of thing that proper data protection implementations should protect against. Which is why the Information Commissioner’s Office is now looking into this breach.

A FIRM WORKING FOR TOBACCO GIANT PHILIP MORRIS IS THE LUCKY recipient of 180,000 British lung cancer patients’ medical records, per a report in The Daily Telegraph: http://bit.ly/2DbvLOT

The report says that the data was anonymised – which is good, obviously – but also that it was handed over by Public Health England to data analysis firm William E. Wecker Associates without the consent of the patients or their families.

Wecker apparently requested the information “to examine the relationship between tobacco use and cancer”, and Public Health England was under the impression that the firm was trying to “identify strategies to achieve a healthier global population”. The law limits such data-sharing to cases that are supposed to serve the public interest. However, Wecker regularly testifies in lawsuits against the tobacco industry, on behalf of the industry.

If you’d like me to write articles for you about digital rights issues, speak at your event or provide privacy advice for your business, drop me an email at david@dmeyer.eu.

A NASTY PIECE OF HIGH-END SPYWARE HAS BEEN identified by Kaspersky Lab, which reckons an Italian IT company “rather like Hacking Team” is responsible: http://for.tn/2B9j31g

Hacking Team, of course, is the outfit that itself got hacked a few years back, revealing how it was supplying its surveillance tools to delightful regimes such as those in Egypt and Sudan. The exposure prompted the Italian government to revoke the firm’s export licence.

MEANWHILE, CHECK POINT RESEARCHERS have found a piece of malware that throws up pornographic ads inside game apps that will be used by children: http://bit.ly/2FCKR1P

AND SPEAKING OF GAMING APPS, here’s an entertainingly scathing Twitter thread by privacy guru Pat Walshe, who decided to delve into the data protection implications of downloading the Tetris app: http://bit.ly/2DopXVL

About the author

I’m David Meyer, a tech journalist with more than a decade’s experience writing about technology. I’ve covered many topics in that time, though I’m most interested in the policy decisions and technological breakthroughs that will shape our world. You can find me on Twitter as @superglaze and on Facebook as @davidmeyerwrites.